
[Broker-J] Database connection with client certificate authentication exposes keystore / truststore passwords


Details

    • Improvement
    • Status: Closed
    • Minor
    • Resolution: Implemented
    • qpid-java-broker-9.1.0
    • qpid-java-broker-9.2.0
    • Broker-J
    • None

    Description

      JDBC allows datasource parameters to be supplied via the JDBC connection string in the form: jdbc:<vendor>://<hostname>:<port>/<database>?key1=value1&key2=value2&key3=value3

      The relevant virtualhost configuration for PostgreSQL looks like the following:

      {
        "type" : "JDBC",
        "connectionPoolType" : "BONECP",
        "connectionUrl": "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslkey=<path_to_ssl_key_file>&sslpassword=<ssl_key_file_password>&sslrootcert=<path_to_root_certificate>",
        "username": "QPID",
        "password": null
      }

      To hide sensitive parameters such as keystore / truststore passwords, the configuration should reference a keystore or truststore instead, and provide the RDBMS-specific parameter names under which the path and password are to be injected:

      {
        "name" : "default",
        "type" : "JDBC",
        "connectionPoolType" : "BONECP",
        "connectionUrl" : "jdbc:postgresql://<hostname>:<port>/<database_name>?ssl=true&sslmode=verify-full&sslrootcert=<path_to_root_certificate>",
        "keyStore" : "keystore-database",
        "keyStorePasswordPropertyName" : "sslpassword",
        "keyStorePathPropertyName" : "sslkey",
        "trustStore" : null,
        "trustStorePasswordPropertyName" : null,
        "trustStorePathPropertyName" : null,
        "username" : "QPID"
      }

      Here the keystore "keystore-database" is referenced; it holds the path to the keystore as well as its password (which is hidden). The path to the keystore should be injected into the JDBC connection string under the parameter name given by "keyStorePathPropertyName", and the keystore password should be injected under the parameter name given by "keyStorePasswordPropertyName".
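The following is an added illustration, not Broker-J code: it shows how a virtualhost configuration in the form proposed above can be combined with a separately stored keystore record to produce the final JDBC URL at connect time, so that the persisted configuration never contains the key file password. The config and keystore values are constructed for the example; the URL-encoding of the injected values and the `build_connection_url` / `config_leaks_secret` helpers are assumptions of this illustration, not the broker's actual implementation.

```python
import json
from urllib.parse import quote

# Constructed virtualhost configuration in the proposed form: the secret is
# referenced through the keystore name, not written into the URL.
VIRTUALHOST_CONFIG = {
    "name": "default",
    "type": "JDBC",
    "connectionPoolType": "BONECP",
    "connectionUrl": "jdbc:postgresql://db.example.internal:5432/qpid"
                     "?ssl=true&sslmode=verify-full&sslrootcert=/etc/qpid/root.crt",
    "keyStore": "keystore-database",
    "keyStorePasswordPropertyName": "sslpassword",
    "keyStorePathPropertyName": "sslkey",
    "trustStore": None,
    "trustStorePasswordPropertyName": None,
    "trustStorePathPropertyName": None,
    "username": "QPID",
}

# Constructed keystore records, standing in for the broker's keystore objects.
# The password contains '&' on purpose to show why injected values need escaping.
KEYSTORES = {
    "keystore-database": {"path": "/etc/qpid/db-client.p12", "password": "s3cr3t&pw"},
}

# (config key naming the store, config key naming the path parameter,
#  config key naming the password parameter)
_STORE_FIELDS = (
    ("keyStore", "keyStorePathPropertyName", "keyStorePasswordPropertyName"),
    ("trustStore", "trustStorePathPropertyName", "trustStorePasswordPropertyName"),
)


def build_connection_url(config, keystores):
    """Append keystore/truststore path and password parameters to the base URL.

    Only parameters whose property name is configured are injected; a store
    referenced without any property names contributes nothing.
    """
    url = config["connectionUrl"]
    params = []
    for store_key, path_prop, password_prop in _STORE_FIELDS:
        store_name = config.get(store_key)
        if not store_name:
            continue
        store = keystores[store_name]
        if config.get(path_prop):
            params.append((config[path_prop], store["path"]))
        if config.get(password_prop):
            params.append((config[password_prop], store["password"]))
    if not params:
        return url
    # Escape values so a '&' or '=' inside a password cannot split the query string;
    # '/' is kept readable because the path parameter is a file system path.
    query = "&".join(f"{k}={quote(v, safe='/')}" for k, v in params)
    return url + ("&" if "?" in url else "?") + query


def config_leaks_secret(config, keystores):
    """Return True if any keystore password appears verbatim in the persisted config."""
    persisted = json.dumps(config)
    return any(store["password"] in persisted for store in keystores.values())


if __name__ == "__main__":
    print(build_connection_url(VIRTUALHOST_CONFIG, KEYSTORES))
    print("config leaks password:", config_leaks_secret(VIRTUALHOST_CONFIG, KEYSTORES))
```

The check in `config_leaks_secret` is the property the ticket is after: the same password that reaches the database driver in the runtime URL must not be recoverable from the stored virtualhost JSON.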

      People

        Assignee: Unassigned
        Reporter: Daniil Kirilyuk (daniel.kirilyuk)